Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Tor
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
sergi
Tor
Commits
50b06a2b
Commit
50b06a2b
authored
14 years ago
by
Nick Mathewson
Browse files
Options
Downloads
Patches
Plain Diff
make the description of tolen_asserts more dire
We have a CVE # for this bug.
parent
115782bd
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
changes/tolen_asserts
+3
-4
3 additions, 4 deletions
changes/tolen_asserts
with
3 additions
and
4 deletions
changes/tolen_asserts
+
3
−
4
View file @
50b06a2b
o Major bugfixes (security)
- Fix a heap overflow bug where an adversary could cause heap
corruption. Since the contents of the corruption would need to be
the output of an RSA decryption, we do not think this is easy to
turn in to a remote code execution attack, but everybody should
upgrade anyway. Found by debuger. Bugfix on 0.1.2.10-rc.
corruption. This bug potentially allows remote code execution
attacks. Found by debuger. Fixes CVE-2011-0427. Bugfix on
0.1.2.10-rc.
o Defensive programming
- Introduce output size checks on all of our decryption functions.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
